Day39
Author: 孫鵬鵬
Archive: class notes
Date: 2019/4/24
Chapter 1:
#!/bin/bash
# Generate a passphrase-less RSA key pair, then push the public key to each host.
# StrictHostKeyChecking=no accepts whatever host key each server presents on first contact.
ssh-keygen -f ~/.ssh/id_rsa -P '' -q
for ip in 7 8 41 31
do
  sshpass -p123456 ssh-copy-id -i ~/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no" 172.16.1.$ip
done
Finding ansible modules and getting help *****
List the modules
ansible-doc -l          # a module plays the role of a Linux command
Show the parameter help for a specific module
ansible-doc -s command  # the role of a Linux command's options
command module *****
Description:
command  Executes a command on a remote node
Practice:
ansible oldboy -m command -a "free -m"
ansible oldboy -m command -a "df -h"
ansible oldboy -m command -a "ls /root"
ansible oldboy -m command -a "cat redhat-release"
ansible oldboy -m command -a "cat /etc/redhat-release"
The most general-purpose function.
[root@m01 ~]# ansible oldboy -m command -a "cat /etc/redhat-release"
172.16.1.7 | CHANGED | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
[root@m01 ~]# cat /server/scripts/cmd.sh
for n in 31 41
do
  echo "=====172.16.1.$n======"
  ssh 172.16.1.$n "$1"
done
[root@m01 ~]# sh /server/scripts/cmd.sh "cat /etc/redhat-release"
=====172.16.1.31======
CentOS Linux release 7.6.1810 (Core)
=====172.16.1.41======
CentOS Linux release 7.6.1810 (Core)
Special case: the command module does not support things such as > < | & or $HOME; use the shell module as the alternative.
ansible oldboy -m shell -a "ps -ef|grep ssh"
ansible oldboy -m shell -a "echo oldboy >/tmp/a.log"
Parameter: chdir=/tmp is equivalent to cd /tmp
[root@m01 ~]# ansible oldboy -m command -a "pwd chdir=/etc"
ansible oldboy -m shell -a "cd /etc/;pwd"
Parameter: creates=/etc is equivalent to the test [ -e /etc ] || pwd, the opposite of removes below
[root@m01 ~]# ansible oldboy -m command -a "pwd creates=/etc"
Parameter: removes=/root is equivalent to the test [ -e /root ] && ls /root
ansible oldboy -m command -a "ls /root removes=/root"
ansible oldboy -m shell -a "[ -d /etc ]||pwd"
[root@m01 ~]# ansible oldboy -m command -a "cat /etc/hosts removes=/etc/hosts"
Parameter: warn=False suppresses the warning
[root@m01 ~]# ansible oldboy -m command -a "chmod 000 /etc/hosts warn=False"
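
A small model of the behaviour noted above, added here as an example (not Ansible's code and not part of the original notes): command-style execution hands the words straight to the program, so > stays a literal argument, while shell-style execution lets /bin/sh interpret it, and creates= / removes= gate the run on a path. The function names are hypothetical, and splitting on spaces is a simplification of the module's real argument parsing.

```shell
#!/bin/sh
# Constructed model, not Ansible source code.

# command-style: split on spaces only and exec the words directly.
# No shell ever parses the string, so > < | & ; and $HOME stay literal text.
run_command_style() {
    ( set -f; IFS=' '; set -- $1; "$@" )
}

# shell-style: the whole string goes to /bin/sh -c, metacharacters are live.
run_shell_style() {
    sh -c "$1"
}

# guarded creates|removes PATH "CMD"
#   creates=PATH  -> skip when PATH already exists
#   removes=PATH  -> skip when PATH does not exist
guarded() {
    if [ "$1" = creates ] && [ -e "$2" ]; then
        echo "skipped: $2 exists"
        return 0
    fi
    if [ "$1" = removes ] && [ ! -e "$2" ]; then
        echo "skipped: $2 does not exist"
        return 0
    fi
    run_command_style "$3"
}

# Demo in a scratch directory (constructed paths).
demo_dir=$(mktemp -d)
run_command_style "echo oldboy > $demo_dir/a.log"   # prints the words, writes nothing
run_shell_style   "echo oldboy > $demo_dir/b.log"   # creates b.log
ls "$demo_dir"
guarded creates /etc "pwd"
guarded removes "$demo_dir/b.log" "cat $demo_dir/b.log"
rm -rf "$demo_dir"
```
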
shell module description:
Description:
shell  Execute commands in nodes.
Practice: create a text file
[root@m01 ~]# ansible oldboy -m shell -a "echo oldboy >/tmp/tmp.txt"
172.16.1.41 | CHANGED | rc=0 >>
172.16.1.31 | CHANGED | rc=0 >>
[root@m01 ~]# ansible oldboy -m shell -a "cat /tmp/tmp.txt"
172.16.1.41 | CHANGED | rc=0 >>
oldboy
172.16.1.31 | CHANGED | rc=0 >>
oldboy
The script to be run must already exist on the remote machine:
[root@m01 ~]# ansible oldboy -m shell -a "sh /server/scripts/bak.sh"
172.16.1.41 | FAILED | rc=127 >>
sh: /server/scripts/bak.sh: 沒有那個文件或目錄non-zero return code
172.16.1.31 | CHANGED | rc=0 >>
copy module description:
Description: copies files to the remote hosts
Practice 1: copy /etc/hosts into /opt, with mode 400 and owner and group root
ansible oldboy -m copy -a "src=/etc/hosts dest=/opt mode=0400 owner=root group=root backup=yes"
Practice 2: copy /etc/passwd into /tmp renamed to oldgirl, with owner and group oldboy and mode 600, overwriting any existing file of the same name
ansible oldboy -m copy -a "src=/etc/passwd dest=/tmp/oldgirl.txt owner=oldboy group=oldboy mode=0600 force=yes"
script module description:
Description: runs a local script on the remote nodes
Difference between running a script with the shell module and with the script module:
[root@m01 /server/scripts]# ansible oldboy -m shell -a "sh /server/scripts/bak.sh"
172.16.1.41 | FAILED | rc=127 >>
sh: /server/scripts/bak.sh: 沒有那個文件或目錄non-zero return code
172.16.1.31 | FAILED | rc=127 >>
sh: /server/scripts/bak.sh: 沒有那個文件或目錄non-zero return code
A local script, executed on the remote end.
[root@m01 /server/scripts]# ansible oldboy -m script -a "/server/scripts/new.sh"
file module description:
Description: sets file attributes
Parameter practice: create data files (regular file, directory, symlink)
ansible oldboy -m file -a "dest=/tmp/oldboy_dir state=directory"
ansible oldboy -m command -a "mkdir -p /tmp/oldboy_dir1 warn=false"
ansible oldboy -m file -a "dest=/tmp/oldboy1 state=touch"
ansible oldboy -m command -a "touch /tmp/oldboy_file1.txt warn=false"
Alternative:
ansible oldboy -m command -a "chmod 777 /etc/hosts warn=false"
ansible oldboy -m command -a "chmod 644 /etc/hosts warn=false"
ansible oldboy -m command -a "chown oldboy /etc/hosts warn=false"
ansible oldboy -m command -a "chown root /etc/hosts warn=false"
Practice
Create a directory: mkdir /tmp/oldboy_dir
ansible oldboy -m file -a "dest=/tmp/oldboy_dir state=directory"
Set permissions recursively:
ansible oldboy -m file -a "dest=/tmp/oldboy_dir state=directory mode=644 recurse=yes"
Create a file: touch /tmp/oldboy_file
ansible oldboy -m file -a "dest=/tmp/oldboy_file state=touch"
Delete a file: rm -f /tmp/oldboy_file
ansible oldboy -m file -a "dest=/tmp/oldboy_file state=absent"
Create a symlink: ln -s /etc/hosts /tmp/link_file
ansible oldboy -m file -a "src=/etc/hosts dest=/tmp/link_file state=link"
yum module description:
Description: yum package management module
Practice
ansible oldboy -m command -a "yum install nginx -y"
ansible oldboy -m yum -a "name=nginx state=installed"
ansible oldboy -m yum -a "name=nc state=installed"
[root@nfs01 oldboy_dir]# rpm -qa nginx
nginx-1.10.2-1.el6.x86_64
### Do not uninstall with yum; use rpm -e to uninstall.
systemd module description: (service module)
Practice:
ansible oldboy -m systemd -a "name=crond.service enabled=no state=stopped"
ansible oldboy -m command -a "systemctl status crond"
ansible oldboy -m systemd -a "name=crond.service enabled=yes state=started"
# service module description:
Description: starts and stops services
# Equivalent to
# service crond stop | /etc/init.d/crond stop
# chkconfig crond off
ansible oldboy -m service -a "name=crond state=stopped enabled=no"
# Equivalent to /etc/init.d/crond start
# chkconfig crond on
ansible oldboy -m service -a "name=crond state=started enabled=yes"
ansible oldboy -m command -a "name=crond state=started enabled=yes"
cron module description:
Description: manages scheduled-task entries
cron     Manage cron.d and crontab entries
Scheduled-task format:
* * * * * CMD
Schedule parameters:
minute:   # ( 0-59, *, */2, etc )
hour:     # ( 0-23, *, */2, etc )
day:      # ( 1-31, *, */2, etc )
month:    # ( 1-12, *, */2, etc )
weekday:  # ( 0-6 for Sunday-Saturday, *, etc )
job:      # the command
Create a scheduled task:
ansible oldboy -m cron -a "name='sync time' minute=00 hour=00 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"
Getting management set up:
1. Create and distribute the keys.
2. Install the ansible tool.
3. Run each service script with one command.
Steps for making a given service a one-command install:
1. Plan what needs to be done.
2. Install it on a single machine and extract the steps.
3. Write the steps into a script for one-command installation.
4. Run the installation from the management machine.
1) One-command install of the rsync server.
Script:
#1) Install
#yum install rsync -y
#2) Write the configuration file /etc/rsyncd.conf
cp /etc/rsyncd.conf{,.ori}
cat >/etc/rsyncd.conf <<EOF
#rsync_config_______________start
#created by oldboy
#site: http://www.oldboyedu.com
uid = rsync
gid = rsync
use chroot = no
fake super = yes
max connections = 200
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 172.16.1.0/24
hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup]
comment = welcome to oldboyedu backup!
path = /backup/
EOF
#3) Create the user and the backup directory
useradd rsync
id rsync
mkdir -p /backup
chown -R rsync.rsync /backup/
ls -ld /backup/
#4) Start and check
systemctl start rsyncd
systemctl enable rsyncd
systemctl status rsyncd
ps -ef|grep sync|grep -v grep  # check the process
netstat -lntup|grep 873        # check the port
#5) Configure the password file
echo "rsync_backup:oldboy" > /etc/rsync.password
chmod 600 /etc/rsync.password
cat /etc/rsync.password
ls -l /etc/rsync.password
# rsync server configuration complete.
# Final script path: /server/scripts/install_rsync_server.sh; it must be tested successfully beforehand.
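
How rsyncd evaluates the hosts allow / hosts deny pair in the config above, as an added example (not rsync's code and not part of the original notes). It follows the order given in rsyncd.conf(5): an allow match admits the client, a deny match rejects it, and when both lists are set a client matching neither is admitted. The function names are hypothetical, each list is reduced to a single IPv4 CIDR, and 203.0.113.10 is a constructed outside address.

```shell
#!/bin/sh
# Constructed model of rsyncd's allow/deny decision; one IPv4 CIDR per list.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr ADDR NET/BITS -> exit status 0 when ADDR lies inside NET/BITS
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( 0xFFFFFFFF ^ ((1 << (32 - $bits)) - 1) ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# rsync_access ADDR ALLOW DENY -> prints "allow" or "deny" ("" = list not set)
rsync_access() {
    addr=$1; allow=$2; deny=$3
    if [ -n "$allow" ]; then
        # 1. a match in hosts allow always admits the client
        if in_cidr "$addr" "$allow"; then echo allow; return 0; fi
        # 2. hosts allow on its own rejects everything that did not match it
        if [ -z "$deny" ]; then echo deny; return 0; fi
    fi
    # 3. a match in hosts deny rejects the client
    if [ -n "$deny" ] && in_cidr "$addr" "$deny"; then echo deny; return 0; fi
    # 4. matching neither list means the client is admitted
    echo allow
}

# The deny value from the config above, then two tighter variants for comparison.
for d in 0.0.0.0/32 0.0.0.0/0 ""; do
    for client in 172.16.1.31 203.0.113.10; do
        printf 'allow=172.16.1.0/24 deny=%-10s client=%-13s -> %s\n' \
            "${d:-unset}" "$client" "$(rsync_access "$client" 172.16.1.0/24 "$d")"
    done
done
```

With hosts deny = 0.0.0.0/32 the outside client is admitted, so only auth users and the secrets file stand between it and the backup module; with hosts deny = 0.0.0.0/0, or with hosts deny left out, it is rejected.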
2) One-command install of the rsync client.
# Method 1: authenticate with a password file
echo "oldboy" > /etc/rsync.password
chmod 600 /etc/rsync.password
cat /etc/rsync.password
ls -l /etc/rsync.password
rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
# Final script path: /server/scripts/install_rsync_client.sh; it must be tested successfully beforehand.
3) Configure the management machine 61-m01:
1) Distribute keys in bulk for passwordless management
#!/bin/bash
yum install ansible -y                # includes sshpass
# Start from a clean ~/.ssh if a key already exists
[ -f ~/.ssh/id_rsa ] && rm -fr ~/.ssh
ssh-keygen -f ~/.ssh/id_rsa -P '' -q
for ip in 31 41 7 8
do
  sshpass -p123456 ssh-copy-id -f -i ~/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no" 172.16.1.$ip
  ssh 172.16.1.$ip "ifconfig eth0"
done
# Script path: /server/scripts/create_key.sh
4) File distribution and command management
Method 1: a distribution tool written as a script
[root@m01 /server/scripts]# cat fenfa.sh
#!/bin/sh
. /etc/init.d/functions
if [ $# -ne 2 ]
then
    echo "usage:/bin/sh $0 localfile remotedir"
    exit 1
fi
for n in `cat /etc/ssh/hosts`
do
   scp -P 22 -rp "$1" root@$n:"$2" >/dev/null 2>&1
   if [ $? -eq 0 ]
   then
      action "$n successful" /bin/true
   else
      action "$n failure" /bin/false
   fi
done
=============
[root@m01 /server/scripts]# cat fenfa.sh
#!/bin/sh
for n in 7 31 41
do
   scp -P 22 -rp "$1" root@172.16.1.$n:"$2" >/dev/null 2>&1
done
[root@m01 /server/scripts]# cat cmd.sh
for n in 31 41 7
do
   echo "=====172.16.1.$n======"
   ssh 172.16.1.$n "$1"
done
Method 2: use the ansible tool
yum install ansible -y
[root@m01 /server/scripts]# cat /etc/ansible/hosts
[oldboy]
172.16.1.31
172.16.1.41
172.16.1.7
2) Optimize SSH on all machines
Optimization target: sshd_config
[root@m01 /server/scripts]# sed -n '17,22p' /etc/ssh/sshd_config
####Start by oldboy#2020-04-26###
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
#ListenAddress 172.16.1.7:22
####End by oldboy#2018-04-26###
Method 1: distribute with the script
[root@m01 /server/scripts]# sh fenfa.sh /etc/ssh/sshd_config /etc/ssh/
7 successful                                               [  確定  ]
31 successful                                              [  確定  ]
41 successful                                              [  確定  ]
[root@m01 /server/scripts]# sh cmd.sh "systemctl restart sshd"
=====172.16.1.31======
=====172.16.1.41======
=====172.16.1.7======
Method 2: distribute with ansible
ansible oldboy -m copy -a "src=/etc/ssh/sshd_config dest=/etc/ssh/sshd_config backup=yes"
ansible oldboy -m shell -a "systemctl restart sshd"
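
A check that can be run on each host after the file has been distributed, added here as an example (not part of the original notes): it reports the effective value of the three directives set in the block above. sshd uses the first value it reads for a keyword, so an earlier uncommented line overrides a later one; the function names and the sample file are constructed.

```shell
#!/bin/sh
# effective_value FILE KEYWORD -> first uncommented global value, or "unset"
# Keywords are case-insensitive; parsing stops at the first Match block
# because settings inside it apply only to matching connections.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }          # "Keyword=value" form
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd FILE -> one line per directive; returns 1 if any value differs
audit_sshd() {
    rc=0
    for want in PermitEmptyPasswords=no UseDNS=no GSSAPIAuthentication=no; do
        key=${want%%=*}; val=${want#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$val" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key $got (want $val)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: an earlier GSSAPIAuthentication line wins over the
# hardening block that follows it, so the audit reports one FAIL.
sample=$(mktemp)
cat > "$sample" <<'EOF'
GSSAPIAuthentication yes
####Start by oldboy###
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
####End by oldboy###
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```
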
One-command install of install_rsync_server.sh from the management machine
ansible 172.16.1.41 -m script -a "/server/scripts/install_rsync_server.sh"
[root@m01 /server/scripts]# cat /etc/ansible/hosts
[oldboy]
172.16.1.31
172.16.1.41
172.16.1.7
172.16.1.8
[rsync_client]
172.16.1.31
172.16.1.8
ansible rsync_client -m script -a "/server/scripts/install_rsync_client.sh"
This completes one-command installation of the rsync server and client from the management machine.
3) One-command install of the nfs server.
4) One-command install of the nfs client.
5) One-command install of the sersync server.
6) One-command install of the sersync client.
A single script one_key.sh or a single ansible command. Done.